CVE-2021-24637 - Stored Cross-Site Scripting in Fontsplugin Google Fonts Typography 3.0.0/3.0.1/3.0.2 (fixed in 3.0.3)

CVSS 5.4 - MEDIUM
  Attack vector:          NETWORK
  Attack complexity:      LOW
  Privileges required:    LOW
  Confidentiality impact: LOW
  Integrity impact:       LOW
  Availability impact:    NONE

Summary

The Google Fonts Typography WordPress plugin before 3.0.3 does not escape or sanitise some of its block settings, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the blockType (combined with content), align, color, variant and fontID arguments of a Gutenberg block. Because the payload is stored in the post and emitted when the block is rendered, it executes in the browser of anyone who views the page, including higher-privileged users who preview or review the Contributor's pending post.
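The summary names the bug class (block attributes written into HTML without escaping or validation) but shows no code. The following is an added illustration and is not code from the Google Fonts Typography plugin or from its 3.0.3 fix: a hypothetical server-side render callback for a Gutenberg block using the attribute names the advisory lists (blockType, content, align, color, variant, fontID). The first function interpolates the attributes directly, the second allow-lists blockType and align, validates color as a hex value, restricts the opaque font tokens to a safe charset and escapes everything that reaches the markup. The shims at the top stand in for WordPress's esc_attr(), esc_html() and sanitize_hex_color() so the file also runs under plain `php`; inside WordPress the real functions are used. The attacker attributes at the bottom are constructed sample input.

```php
<?php
// Added example for the CVE-2021-24637 bug class; not the plugin's own code.
// Shims so the file runs outside WordPress; inside WordPress the real
// functions are already defined and these are skipped.
if (!function_exists('esc_attr')) {
    function esc_attr(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('esc_html')) {
    function esc_html(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('sanitize_hex_color')) {
    // Same contract as WordPress: return the colour if it is #rgb or #rrggbb, else ''.
    function sanitize_hex_color(string $c): string {
        return preg_match('/^#([A-Fa-f0-9]{3}){1,2}$/', $c) ? $c : '';
    }
}

// VULNERABLE (hypothetical): every block attribute is concatenated straight
// into the markup. A Contributor who saves a post with crafted attributes
// gets arbitrary HTML/JS rendered for every viewer of that post.
function render_font_block_vulnerable(array $attrs): string {
    $tag     = $attrs['blockType'] ?? 'p';
    $content = $attrs['content']   ?? '';
    $align   = $attrs['align']     ?? 'left';
    $color   = $attrs['color']     ?? '#000000';
    $variant = $attrs['variant']   ?? 'regular';
    $fontID  = $attrs['fontID']    ?? '';

    return "<{$tag} class=\"has-text-align-{$align} font-{$fontID} variant-{$variant}\""
         . " style=\"color:{$color}\">{$content}</{$tag}>";
}

// HARDENED (hypothetical): allow-list the structural values, validate the
// colour, constrain opaque tokens, and escape every attribute and the text.
function render_font_block_hardened(array $attrs): string {
    $allowed_tags   = ['p', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6'];
    $allowed_aligns = ['left', 'center', 'right'];

    $tag   = in_array($attrs['blockType'] ?? '', $allowed_tags, true) ? $attrs['blockType'] : 'p';
    $align = in_array($attrs['align'] ?? '', $allowed_aligns, true) ? $attrs['align'] : 'left';

    $color = sanitize_hex_color((string)($attrs['color'] ?? ''));
    if ($color === '') {
        $color = '#000000';
    }
    // Font identifiers and variants are opaque tokens: keep only [A-Za-z0-9_-].
    $fontID  = preg_replace('/[^A-Za-z0-9_-]/', '', (string)($attrs['fontID'] ?? ''));
    $variant = preg_replace('/[^A-Za-z0-9_-]/', '', (string)($attrs['variant'] ?? 'regular'));

    $class = esc_attr("has-text-align-{$align} font-{$fontID} variant-{$variant}");
    $style = esc_attr("color:{$color}");
    $text  = esc_html((string)($attrs['content'] ?? ''));

    return "<{$tag} class=\"{$class}\" style=\"{$style}\">{$text}</{$tag}>";
}

// Constructed attacker-controlled attributes: blockType closes the element
// and injects a script tag, align and color break out of their attributes,
// content carries an event-handler payload.
$malicious = [
    'blockType' => 'p><script>alert(document.domain)</script><p',
    'content'   => '<img src=x onerror=alert(1)>',
    'align'     => 'left" onmouseover="alert(2)',
    'color'     => 'red" onfocus="alert(3)',
    'variant'   => 'regular',
    'fontID'    => 'abc',
];

echo "Vulnerable:\n", render_font_block_vulnerable($malicious), "\n\n";
echo "Hardened:\n",   render_font_block_hardened($malicious), "\n";
```

Run with `php render_font_block.php`: the vulnerable output contains a live `<script>` element and attribute-breakout event handlers, while the hardened output falls back to `<p>`, `left` and `#000000` and renders the content payload as inert text. The design point is that allow-listing (tag name, alignment) and type validation (hex colour) are applied before escaping, since escaping alone cannot make an attacker-chosen tag name safe.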

Vulnerable Configurations

Part         Description   Count
Application  Fontsplugin   4